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DETAILED ACTION 
Response to Arguments 

1 . Applicant's arguments, see remarks, filed 1 3 February 2007, with respect to the 
rejection(s) of claim(s) 1-22, 26-31, and 34-40 under 35 U.S.C. have been fully 
considered and are persuasive. Therefore, the rejection has been withdrawn. 
However, upon further consideration, a new ground(s) of rejection is made in view of 
newly found prior art reference(s). 

2. The applicant argued in substance the limitations of independent claims 1,10, 
18, and 27. However, the newly cited prior art teach these limitations. The applicant also 
added claim 40, which has been addressed. See below rejections. 

Claim Rejections - 35 USC § 103 

3. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 1 02(e), (f) or (g) 
prior art under 35 U.S.C. 1 03(a). 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 



Application/Control Number: 10/759,182 Page 3 

Art Unit: 2141 

5. Claims 1,10, and 40 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Crichton et al. (2002/0031 126) and Verhoorn, III et al. (6,725,371). 

6. As per claim 1 , Crichton et al. teaches a method in a router having at least one 
outbound interface (see Crichton et al., ^ 72), the method comprising: establishing, on 
the outbound interface, a plurality of Internet Protocol (IP)-based secure connections 
with respective destinations based on receiving encrypted packets generated by a 
cryptographic module (see Crichton et al., ^ 40-41), each encrypted packet 
successively output from the cryptographic module having a corresponding 
successively-unique sequence number (see Crichton et al., H 50 and H 74); controlling 
supply of data packets to the cryptographic module by: (1) assigning, for each secure 
connection, a corresponding queuing module (see Crichton et al., U 43 and H 68) (2) 
reordering, in each queuing module, a corresponding group of the data packets 
associated with the corresponding secure connection according to a determined quality 
of service policy (see Crichton et al., H 56 and H 62) and based on a corresponding 
assigned maximum output bandwidth for the corresponding queuing module (see 
Crichton et al., H 51), and outputting data packets according to the corresponding 
assigned maximum output bandwidth, (see Crichton et al., H 5); and second outputting 
the encrypted packets from the cryptographic module to the one outbound interface for 
transport via their associated secure connections (see Crichton et al., H 3). But fails to 
teach outputting to the cryptographic module the group of data packets, from each 
corresponding queuing module for generation of the encrypted packets. However, 
Verhoorn, III et al. teaches outputting to the cryptographic module the group of data 
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packets, from each corresponding queuing module for generation of the encrypted 
packets (see Verhoorn, III et al., col. 4, lines 20-30). It would have been obvious to one 
having ordinary skill in the art at the time of the invention to modify Crichton et al. to 
outputting to the cryptographic module the group of data packets, from each 
corresponding queuing module for generation of the encrypted packets in order to 
reduce the latency times that are introduced by converting between secure and 
unsecure packets (see Verhoorn, III et al., col. 1, line 61-col. 2, line 10). 
7. As per claim 10, Crichton et al. teaches a router comprising: a cryptographic 
module configured for successively outputting encrypted packets having respective 
successively-unique sequence numbers (see Crichton et al., H 50 and H 74); an 
outbound interface configured for establishing a plurality of Internet Protocol (IP)-based 
secure connections with respective destinations based on receiving respective streams 
of the encrypted packets (see Crichton et al., H 40-41); the queue controller configured 
for assigning, for each secure connection, a corresponding queuing module (see 
Crichton et al., H 43 and ^ 68), a corresponding group of data packets associated with 
the corresponding secure connection (see Crichton et al., H 5), and according to a 
corresponding assigned maximum output bandwidth for the corresponding queuing 
module, (see Crichton et al., U 51), and (2) reordering the corresponding group of the 
data packets according to a determined quality of service policy and the corresponding 
assigned maximum output bandwidth (see Crichton et al., H 56 and 62). But fails to 
teach a queue controller configured for controlling supply of data packets to the 
cryptographic module each queuing module configured for: (I) outputting to the 
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cryptographic module a corresponding group of the data packets for generation of the 
corresponding stream of the encrypted packets. However, Verhoorn, III et al. teaches a 
queue controller configured for controlling supply of data packets to the cryptographic 
module each queuing module configured for: (I) outputting to the cryptographic module 
a corresponding group of the data packets for generation of the corresponding stream 
of the encrypted packets (see Verhoorn, III et al., col. 4, lines 20-30). It would have 
been obvious to one having ordinary skill in the art at the time of the invention to modify 
Crichton et al. to a queue controller configured for controlling supply of data packets to 
the cryptographic module each queuing module configured for: (I) outputting to the 
cryptographic module a corresponding group of the data packets for generation of the 
corresponding stream of the encrypted packets in order to reduce the latency times that 
are introduced by converting between secure and unsecure packets (see Verhoorn, III 
etal., col. 1, line61-col. 2, line 10). 

8. As per claim 40, Crichton-Verhoorn teach a method, wherein: the router includes 
the outbound interface, the cryptographic module, and each of the queuing modules; 
the establishing of the IP-based secure connections, the controlling supply of data 
packets, and the second outputting of the encrypted packets to the outbound interface 
each executed in the router (see Crichton et al., page 12, claim 22). 

9. Claims 2-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Crichton et al. and Verhoorn, III et al. as applied to claim 1 above, and further in view of 
Young et al. (2003/0093563). 
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10. As per claim 2, Crichton et al. and Verhoorn, III et al. teach the mentioned 
limitations of claim 1 above but fail to teach a method, wherein the reordering step 
includes, in each queuing module, reordering the corresponding group of the data 
packets according to the determined quality of service policy in response to detection of 
a congestion condition in the outbound interface. However, Young et al. teaches a 
method, wherein the reordering step includes, in each queuing module, reordering the 
corresponding group of the data packets according to the determined quality of service 
policy in response to detection of a congestion condition in the outbound interface (see 
Young et al., H 9). It would have been obvious to one having ordinary skill in the art at 
the time of the invention to modify Crichton et al. and Verhoorn, III et al. to a method, 
wherein the reordering step includes, in each queuing module, reordering the • 
corresponding group of the data packets according to the determined quality of service 
policy in response to detection of a congestion condition in the outbound interface in 
order to implement a complete customer premise solution that enables secure, reliable 
and manageable delivery of voice, video and data services over common IP 
connections (see Young et al., H 2). 

11. As per claims 3-9, the above-mentioned motivation of claim 2 applies fully in 
order to combine Crichton et al., Verhoorn, III et al., and Young et al. 

12. As per claim 3, Crichton et al., Verhoorn, III et al., Young et al. teach a method, 
wherein the reordering step includes, in each queuing module: establishing a plurality of 
queues having respective identified priorities (see Young et al., paragraph 0051); 
storing each data packet associated with the corresponding secure connection in one of 
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the queues based on a corresponding identified priority for said each data packet (see 
Young et al., paragraph 0019); and selectively outputting the stored data packets from 
the queues, according to the corresponding quality of service policy (see Young et al., 
paragraph 0009). 

13. As per claim 4, Crichton et al., Verhoorn, III et al., Young et al. teach a method, 
wherein: the establishing step includes establishing, on each of a plurality of the 
outbound interfaces (see Young et al., paragraph 0080), a corresponding plurality of the 
secure corrections with a corresponding plurality of respective destinations based on 
receiving a corresponding stream of encrypted packets from the cryptographic module 
(see Young et al., paragraph 0082); the controlling step includes controlling the supply 
of data packets, for each outbound interface, from the cryptographic module based on 
repeating the assigning, reordering, and outputting steps for each of the secure 
connections (see Young et al., paragraph 0150); the second outputting step including 
outputting each encrypted packet to a corresponding one of the outbound interfaces 
according to a routing decision executed by the router (see Young et al., paragraph 
0098). 

14. As per claim 5, Crichton et al., Verhoorn, III et al., Young et al. teach a method, 
wherein the second outputting step includes outputting the encrypted packets for 
transport via their associated secure connections according to IP Security (IPSEC) 
protocol (see Young et al., paragraph 0123). 

15. As per claim 6, Crichton et al., Verhoorn, III et al., Young et al. teach a method, 
wherein the determined quality of service policy implements a guaranteed quality of 
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service for one of a video stream and an audio stream (see Young et al., paragraph 
0053). 

16. As per claim 7, Crichton et al., Verhoorn, III et al., Young et al. teach a method, 
wherein the audio stream is a Voice over IP media stream (see Young et al., paragraph 
0053). 

17. As per claim 8, Crichton et al., Verhoorn, III et al., Young et al. teach a method, 
wherein the controlling step further includes obtaining, for each queuing module, the 
corresponding assigned maximum output bandwidth from a configuration register (see 
Young et al., paragraph 0051). 

18. As per claim 9, Crichton et al., Verhoorn, III et al., Young et al. teach a method, 
wherein the controlling step further includes negotiating, for at least one queuing 
module, the corresponding assigned maximum output bandwidth with the corresponding 
destination (see Young et al., paragraphs 0085-0087). 

19. Claim 36 is rejected under 35 U.S.C. 103(a) as being unpatentable over Crichton 
et al. and Verhoorn, III et al. as applied to claim 1 above, and further in view of Haney 
(7,111,163). Crichton et al. and Verhoorn, III et al. teach the mentioned limitations of 
claim 1 above but fail to teach a method, wherein each secure connection is a 
corresponding encrypted tunnel. However, Haney teaches a method, wherein each 
secure connection is a corresponding encrypted tunnel (see Haney, col. 8, lines 10-44). 
It would have been obvious to one having ordinary skill in the art at the time of the 
invention to modify Crichton et al. and Verhoorn, III et al. to a method, wherein each 
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secure connection is a corresponding encrypted tunnel in order to solve the quality of 
service problem by providing non-blocking bandwidth (bandwidth that will always be 
available and will always be sufficient) and predefining routes for the "private tunnel" 
paths between points on the internet between ISX facilities (see Haney, col. 4, line 62- 
col. 5, line 6). 

20. Claims 1 1-22, 26-31, 34-35, and 37-39 have similar limitations as to claims 1-10, 
36, and 40; therefore, they are being rejected under the same rationale. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ranodhi Serrao whose telephone number is (571) 272- 
7967. The examiner can normally be reached on 8:00-4:30pm, M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on (571) 272-3880. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system,, see http://pair-direct.uspto.gov. Should 
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you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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